Page MenuHomeVyOS Platform

If a config session is not close cleanly, the unionfs-mount is not cleaned up
Confirmed, LowPublicBUG

Description

Originally reported by edong32 on IRC. Based on conversation with them and dmbaturin:

When entering config-mode or running a script which sources /opt/vyatta/etc/functions/script-template an unionfs-mount is created under /opt/vyatta/config/tmp/.

This is normally cleaned up when exit [discard] is called. However in some cases exit doesn't get called. At least the following cases are known:

  • SSH connection to an interactive session dies
  • A script exits without calling exit (for instance by error in the script or getting killed before reaching the end)

This makes it possible that a new script tries to open a config session with a reused PID and will hit the existing session. Some things like running an incorrectly written monitoring script every 5 minutes can leave around thousands of mounts (and processes).

It would be good to implement some sort of garbage collection to clean up the session if the owning process has exited.

Since all the sessions seem include the "owning" PID in the path, it should be fairly trivial to periodically check if there is still a process with that PID running. If the process is no longer there, the mount (and what else?) could be cleaned up.

Possible issues:
This breaks if somebody is sharing the config session between multiple scripts. For example starting a session in one script, somehow saving the path and then finishing it later in another, or in a case where the parent process starts another one in the background and exits.

Details

Difficulty level
Unknown (require assessment)
Version
VyOS 1.2.0-rolling+201808010337
Why the issue appeared?
Will be filled on close
Is it a breaking change?
Unspecified (possibly destroys the router)

Event Timeline

varesa created this object in space S1 VyOS Public.
dmbaturin set Is it a breaking change? to Unspecified (possibly destroys the router).
erkin changed the task status from Open to Confirmed.May 30 2021, 9:50 AM
erkin triaged this task as Low priority.

@erkin One additional detail: there is an attempt at clean up on entering configuration mode (in UnionfsCstore::setupSession); nonetheless, there are clearly potential (and potentially serious) issues here. Cf. T3054 for the comment on setupSession; there has been no serious investigation of the issue yet.